package com.gs.security.browser.config;

import com.gs.security.core.authentication.AbstractChannelSecurityConfig;
import com.gs.security.core.common.SecurityConstants;
import com.gs.security.core.properties.SecurityProperties;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * @Description
 * @Author heartstring
 * @Date 2020/5/20
 */
@Slf4j
@Configuration
public class BrowserSecurityConfig extends AbstractChannelSecurityConfig
{
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private SecurityProperties securityProperties;
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        auth.inMemoryAuthentication()
//                .withUser("admin1") // 管理员，同事具有 ADMIN,USER权限，可以访问所有资源
//                .password(passwordEncoder.encode("123456"))  //
//                .roles("ADMIN", "USER")
//                .and()
//                .withUser("user1").password("{noop}user1") // 普通用户，只能访问 /product/**
//                .roles("USER");
//
//    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        log.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");

                http.formLogin()
                        .loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
                        .loginProcessingUrl(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_FORM)  //表单验证的请求路径
                        .and()
                        .authorizeRequests()
                        .antMatchers(
                                securityProperties.getBrowser().getLoginPage()
                                ,SecurityConstants.DEFAULT_VALIDATE_CODE_URL_PREFIX+"/*"
                                , SecurityConstants.DEFAULT_UNAUTHENTICATION_URL
                                ,"/register")
                        .permitAll()
                        .anyRequest().authenticated()
                        .and()
                        .csrf().disable(); //登录页面


    }
}
